But the payload is the thing, in this case there is an archivecalled 950533-30.07.2014.zip containing a folder order-8301138-30.07.2014.xls which in turn contains a malicious executable order-8301138-30.07.2014.xls.exe which has a VirusTotal detection rate of 6/54.

A second file is downloaded from these locations with a VT detection rate of just 2/54. The CAMAS report is inconclusive.

I recommend the following blocklist:
jobengine.inlegusadvantage.comdavidtaylorartist.comasustabletservisi.commycustomkidsbooks.comredhorsesolutions.comtencoolthings.comwwwtokiodesign.comextreme-bdsm-comics.com